Since the beginning of the year, dozens of people have reported receiving e-mails purportedly from major corporations asking for personal information such as credit card, bank account or Social Security numbers, according to the Better Business Bureau of Hawaii.

Called "phishing," this type of scam uses e-mails to fish for information from Internet users.

Nationally, phishing attacks grew by 4,000 percent in the past six months, according to the Anti-Phishing Working Group, an industry consortium in Redwood City, Calif.

In Hawai'i, the number is rising as well.

"It has started to pop up," said Detective Letha DeCaires, coordinator of the Honolulu Police Department's CrimeStoppers unit. "Phishing is new here." There are no local statistics yet since most of the attacks have been fairly recent.

In this type of scam, Internet users receive e-mail that looks like official correspondence from a company. Citing reasons such as account verification, the e-mails ask the recipients to click a link to a bogus Web page and enter sensitive financial information. The information is then used for fraudulent activity, such as making online purchases with stolen credit card numbers.

About 5 percent of consumers who get these e-mails respond, the Anti-Phishing group said. Bogus Web pages can easily fool consumers because they often look like the real sites, even down to copying the logos exactly and mimicking real Web addresses, said Dan Maier, a spokesman for the anti-phishing group.

Maier said the financial services industry is the most targeted by phishers, with Citibank, a unit of the world's financial services firm Citigroup, often topping the list. Other companies often targeted include eBay, PayPal, AOL, Microsoft and various large banks.

The term phishing was coined in the mid-1990s by computer hackers who were targeting America Online accounts and stealing passwords from AOL customers. "Ph" is a common hacker replacement for "f," and is a nod to the original form of hacking known as "phreaking."

One phish e-mail purported to be from eBay says: "During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete. As a result, your access to bid or buy on eBay has been restricted. To start using your eBay account fully, please update and verify your information by clicking below."

The link sends the user to a fake eBay Web page that asks for the user ID, password, full name, date of birth, Social Security number, credit or debit card number, expiration date and the three-digit code on the back of the card — originally designed to thwart online fraud.

The fake Web page also includes the line, "your information is kept safe and private," with a graphic of a lock next to it.

But consumers should be wary of responding to such e-mail since legitimate companies don't ask for financial information in this manner, Maier said.

"You never click on a link," DeCaires said. "Type in the URL (Web address) yourself."

You may wish to contact the company by phone to verify the correspondence, Maier said.

When legitimate companies send e-mails they normally personalize them, while scammers generally can't do it because they send mass mailings, Maier said. For instance, legitimate e-mails usually include a person's first and last names, while bogus one's might have just a first initial followed by the last name.

One person who's received several phish e-mail messages in recent months is Stuart Yamane of Kane'ohe.

He said the messages looked official and the linked Web page appeared authentic in many cases, even matching the logo and corporate colors.

But Yamane said he hasn't fallen prey to the scams because his natural hesitancy to give out personal information and his concerns about potential identity theft. While the experience has made him more careful about doing business online, it's not going to put a damper on his Internet use.

"The World Wide Web is part of our lives," Yamane said. "Living in Hawai'i, (going online is) one of the most efficient ways to do shopping."

Reach Deborah Adamson at dadamson@honoluluadvertiser.com or 525-8088.

Prevent Internet identity theft:

• Don't provide credit card numbers by e-mail; legitimate companies never ask for that information by e-mail, even for verification.
• Online bank accounts should be reviewed monthly.
• Never click on a link from an unsolicited e-mail.

More anti-phishing tips: